SSO vs LDAP
As the enterprises grow in size and complexity, use of secure and efficient user authentication systems has become a very important requirement. SSO using LDAP is a very popular authentication mechanism used today. SSO systems provide the ability of accessing a collection of systems using just one sign in, while LDAP is used as the authentication protocol for these SSO systems.
What is LDAP?
LDAP is an adaptation of X.500 (a complex enterprise directory system) developed by University of Michigan. LDAP stands for Lightweight Directory Access Protocol. Current version of LDAP is versions 3. It is an application protocol used by applications such as email programs, printer browsers or address books to look up information from a server. Client programs that are “LDAP-aware” can ask for information from LDAP running servers in different ways. This information is residing in “directories” (organized as set of records). All the data entries are indexed by LDAP servers. When a certain name or a group is requested, certain filters may be used to get the required information. For example, an email client can search for email addresses of all persons living in New York who has a name staring with “Jo”. Apart from contact information, LDAP is used to look up information like encryption certificates and pointers to resources (e.g. printers) in the network. LDAP is used for SSO as well. If the information to be stored is updated very rarely and fast-lookup is a must, then LDAP servers are ideal. LDAP servers exist as public servers, organizational servers for universities/corporations and smaller workgroup servers. Public LDAP servers are not popular anymore due to the threat of spam. Administrator can set permissions on LDAP databases.
What is SSO?
SSO (Single Sign-On) systems provide the ability for the user to login just once and get access to multiple systems. If user logs in successfully, then he is not prompted again and again for each individual system. Similarly, Single sign-Off allows users to log off once to sign out from multiple software systems. Different systems use different mechanisms for authentication. Therefore, SSO will translate these different credentials and use it during the initial authentication. Advantages of using SSO are increased security by reducing phishing, decreasing password fatigue, reducing time required for overall authentication process and reducing expenditure on help desk staff. Most SSO systems use LDAP authentication system. User at a company, which uses a SSO system, will usually enter his username/password on a web form. SSO software sends this information to the security server. Security server then sends this information to the LDAP server (security server actually logs in to the LDAP server using the credentials). If the log in process is successful, then the security server grants access to the resource requested by the user.
What is the difference between SSO and LDAP?
LDAP is an application protocol used by applications to look up information from a server, while SSO is a user authentication process in which the user can provide credential one time to access multiple systems. SSO is an application, while LDAP is the underlying protocol used for authenticating the user.